Cook
A wordlist framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers.
Install / Use
/learn @glitchedgitz/CookREADME
COOK
An overpowered wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need.
Frustration killer! & Customizable!
Index
- Installation
- Basic
- COOK's Ingredients
- Methods
- Some Usecases Examples
- ULTIMATE USAGE
- Repeat Operator
*and** - Parsing Rules
- Flags
- Use as library
- Share your recipies/ingredients in cook-ingredients
- Contribute
Installation
Use Go or download latest builds
go install -v github.com/glitchedgitz/cook/v2/cmd/cook@latest
Configuration
From version v2.2 cook save cook-ingredients at $home/.config/cook/cook-ingredients
To change create a path variable name
COOK=[YOUR PATH]
Basic
Without basics, everything is complex. <img src="assets/basic.png">
Ranges
<img src="./assets/ranges.png">Param Approach
Name them anything and use them to generate the pattern. This will be more useful when you apply encoding column-wise using methods.
cook -start intigriti,bugcrowd -sep _,- -end users.rar,secret.zip / start sep end
Note: you must include parameter in the pattern, otherwise it will not print anything.
COOK's Ingredients
Cook depends on cook-ingredients, which are .yaml files collections of wordsets, functions, ports, wordlists from assetnotes, seclist, fuzzdb, 15+ etc.
Categories
| Category | Description |
| ----------- | ----------------------------------------------------- |
| lists | Array of values to directly use when called out |
| files | Array of urls |
| ports | Ranges of numbers |
| raw-files | Array of local files |
| functions | Functions are used to generate patterns |
Save wordlists/lists/chars everything in my.yaml
<img src="assets/savewordlist.png">
Functions
cook -dob date[17,Sep,1994] elliot _,-, dob
Customize my.yaml
Edit my.yaml manually or use these commands.
▸ Add/Update
If keyword doesn't exist it will create it. Otherwise it will update it and add the new value in the same variable.
# Syntax
cook add [keyword]=[value1, value2, ..., valueN] in [category]
# Command
cook add unique_name=word1,word2,word3 in lists
▸ Delete
cook delete [keyword]
Local File / Fetch URL
use : after param name.
cook -f: live.txt f
cook -f: https://example.com/wordlist.txt f
Access Wordlists from databases
Cook has fetched multiple repositories and can directly use wordlist from these repos...
assetnotes, seclist, fuzzdb, etc.
<img src="assets/search.png">Methods
Using methods you can encode, decode, reverse, split, sort, extract and can do much more...
Methods can be applied on final output or column-wise
-m/-methodto apply methods on the final output-mc/-methodcolto apply column-wise.param.methodnameapply to any parameter-wise, will example this param thing later.
Multiple Encoding
- Overlapping Encodings:
- Use dot
. md5.b64e.urleapply multiple methods one by one.- Output Logic:
Generated Pattern>md5 hashing>base 64 encoding>URL Encoding.
- Use dot
- Different Encodings:
- Use comma
, md5,sha1,sha256apply different encoding to the same generated pattern.- Output Logic:
Generated Pattern>md5 hashingGenerated Pattern>sha1 hashingGenerated Pattern>sha256 hashing
- Use comma
Break naming conventions 💫
Special focus on these 2 methods, these will be great help everytime you use any wordlist.
Smart Break -m smart
▶ cook adminNew,admin_new -m smart
Output:
admin
New
admin
new
Smart Join -m smartjoin[<case>:<char>]
It breaks and join back with the supplied character.
▶ cook adminNew,admin-old -m smartjoin[:_]
Output:
admin_New
admin_old
Apply Cases over separated
Here we applied camlecase
▶ cook suppose_this_is_long_text -m smartjoin[c:_]
Output:
suppose_This_Is_Long_Text
All methods cook help methods
sort - Sort them
sortu - Sort them with unique values only
reverse - Reverse string
leet - a->4, b->8, e->3 ...
leet[0] or leet[1]
smart - Separate words with naming convensions
redirectUri, redirect_uri, redirect-uri -> [redirect, uri]
smartjoin - This will split the words from naming convensions &
param.smartjoin[c,_] (case, join)
redirect-uri, redirectUri, redirect_uri -> redirect_Uri
u upper - Uppercase
l lower - Lowercase
t title - Titlecase
String Operations
split - split[char]
splitindex - splitindex[char:index]
replace - Replace All replace[this:tothis]
JSON
json - Extract JSON field
json[key] or json[key:subkey:sub-subkey]
Url Operations
fb filebase - Extract filename from path or url
s scheme - Extract http, https, gohper, ws, etc. from URL
user - Extract username from url
pass - Extract password from url
h host - Extract host from url
p port - Extract port from url
ph path - Extract path from url
f fragment - Extract fragment from url
q query - Extract whole query from url
k keys - Extract keys from url
v values - Extract values from url
d domain - Extract domain from url
tld - Extract tld from url
alldir - Extract all dirrectories from url's path
sub subdomain - Extract subdomain from url
allsubs - Extract subdomain from url
Encode/Decode
b64e b64encode - Base64 encode
b64d b64decode - Base64 decode
charcode - Give charcode encoding
- charcode[0]
abc
- charcode[1] with semicolon
abc
hexe hexencode - Hex string encode
hexd hexdecode - Hex string decode
jsone jsonescape - JSON escape
jsonu jsonunescape - JSON unescape
urle urlencode - URL encode reserved characters
utf16 - UTF-16 encoder (Little Endian)
utf16be - UTF-16 encoder (Big Endian)
urld urldecode - URL decode
urleall urlencodeall - URL encode all characters
xmle xmlescape - XML escape
xmlu xmlunescape - XML unescape
unicodee unicodeencodeall - Unicode escape string encode (all characters)
unicoded unicodedecode - Unicode escape string decode
HASHES
md5 - MD5 sum
sha1 - SHA1 checksum
sha224 - SHA224 checksum
sha256 - SHA256 checksum
sha384 - SHA384 checksum
sha512 - SHA512 checksum
Some Usecases Examples
Some general usecases to grasp understanding of cook.
▸ Sites using custom suffix/preffix?
<img src="assets/prefixsuffix.png">▸ Join wordlists line-by-line
Use -append flag:
cook -l: live.txt -p: payloads.txt l / p -append 2
# Multiple columns
cook col1 col2 col3 col4 col5 -append 2,5
_Note: Sometime is confusing to find
Related Skills
proje
Interactive vocabulary learning platform with smart flashcards and spaced repetition for effective language acquisition.
YC-Killer
2.7kA library of enterprise-grade AI agents designed to democratize artificial intelligence and provide free, open-source alternatives to overvalued Y Combinator startups. If you are excited about democratizing AI access & AI agents, please star ⭐️ this repository and use the link in the readme to join our open source AI research team.
research_rules
Research & Verification Rules Quote Verification Protocol Primary Task "Make sure that the quote is relevant to the chapter and so you we want to make sure that we want to have it identifie
groundhog
398Groundhog's primary purpose is to teach people how Cursor and all these other coding agents work under the hood. If you understand how these coding assistants work from first principles, then you can drive these tools harder (or perhaps make your own!).
